# posterg
Repository of final-year projects (travaux de fin d'études) from the [ERG](https://erg.be) (École de Recherche Graphique).
## Requirements
- PHP 8.4
- SQLite3 (`php8.4-sqlite3`)
- nginx (production)
## Project structure
```
posterg/
├── public/                       # DocumentRoot — web-accessible only
│   ├── admin/                    # Admin panel (session-authenticated)
│   ├── assets/                   # CSS, fonts, icons
│   ├── media.php                 # Controlled file serving (covers, PDFs)
│   └── *.php                     # Public pages (index, search, tfe, apropos)
├── src/                          # PHP classes (not web-accessible)
│   ├── AdminAuth.php
│   ├── Database.php
│   ├── RateLimit.php
│   └── config.php
├── templates/                    # Shared PHP template partials
├── config/                       # Bootstrap and credentials (not web-accessible)
├── storage/                      # Database and uploaded files (not web-accessible)
│   ├── schema.sql
│   ├── test.db
│   └── fixtures/
├── tests/
├── scripts/                      # Dev and server management scripts
│   ├── setup-dev.sh
│   ├── deploy-server.sh          # Run on server with sudo to apply nginx config
│   └── manage-admin-users.sh     # Run on server with sudo to manage htpasswd
└── nginx/                        # nginx config and reference files
    ├── posterg.conf
    ├── scripts/                  # Server setup scripts (password, PHP SQLite)
    └── docs/                     # Documentation
```
Uploaded files (PDFs, covers) live in `storage/` — outside the webroot — and are
served exclusively through `public/media.php`, which validates paths and MIME types.
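
The path and MIME validation described above can be sketched as follows. This is an added example, not the project's `media.php`: the function name `resolveMedia`, the allow-list, and the temporary demo files are assumptions, and it needs PHP 8 with the `fileinfo` extension.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list: covers (images) and PDFs, as the README describes.
const ALLOWED_MIME = ['application/pdf', 'image/jpeg', 'image/png', 'image/webp'];

// Returns [absolutePath, mimeType], or null when the request must be refused.
function resolveMedia(string $storageRoot, string $requested): ?array
{
    // Reject empty input, NUL bytes and absolute paths before touching the filesystem.
    if ($requested === '' || str_contains($requested, "\0") || $requested[0] === '/') {
        return null;
    }
    $root = realpath($storageRoot);
    // realpath() collapses "..", resolves symlinks and returns false if the target is missing.
    $path = realpath($storageRoot . '/' . $requested);
    if ($root === false || $path === false || !is_file($path)) {
        return null;
    }
    // Containment check on the canonical path; the trailing separator stops
    // a sibling such as "/srv/storage-old" from matching a root of "/srv/storage".
    if (!str_starts_with($path, $root . DIRECTORY_SEPARATOR)) {
        return null;
    }
    // Sniff the type from file content, not from the extension or a client header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($mime === false || !in_array($mime, ALLOWED_MIME, true)) {
        return null;
    }
    return [$path, $mime];
}

// Constructed demo: a temporary storage root holding one PDF-like file and a database file.
$demoRoot = sys_get_temp_dir() . '/posterg-demo-' . bin2hex(random_bytes(4));
mkdir($demoRoot . '/pdfs', 0700, true);
file_put_contents($demoRoot . '/pdfs/tfe.pdf', "%PDF-1.4\n%%EOF\n");
file_put_contents($demoRoot . '/test.db', "SQLite format 3\0");

foreach (['pdfs/tfe.pdf', '../../etc/passwd', 'pdfs/../test.db', '/etc/passwd'] as $req) {
    $hit = resolveMedia($demoRoot, $req);
    printf("%-20s => %s\n", $req, $hit === null ? 'refused' : "serve as {$hit[1]}");
}
```

Only `pdfs/tfe.pdf` is served; `pdfs/../test.db` stays inside the storage root and passes the containment check, so it is the MIME allow-list that keeps the database from being handed out.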
## Development
```bash
just setup # first-time: installs dev dependencies
just serve # http://localhost:8000 (public) and /admin/
just test # run test suite
```
Admin credentials in development are set via `config/admin_credentials.php`
(see `config/admin_credentials.example.php`).
## Deployment
Files are pushed to the server with rsync — there is no repo on the remote.
```bash
just deploy # rsync app files → posterg:/var/www/posterg/
just deploy-db # push local test.db → remote (only if remote DB is absent)
```
`deploy-db` refuses to run if a database already exists on the server, to avoid
accidental overwrites of production data.
### First-time server setup
```bash
ssh posterg
sudo mkdir -p /var/www/posterg
sudo chown www-data:posterg /var/www/posterg
sudo chmod 775 /var/www/posterg
exit
```
Then deploy once and apply nginx config:
```bash
just deploy
just deploy-nginx
```
### Admin users (htpasswd)
```bash
just manage-admin-users
# Then on server:
ssh posterg "sudo bash /tmp/manage-admin-users.sh"
```
## Security notes
- Admin panel protected by nginx `auth_basic` + PHP session (`AdminAuth`)
- Uploads stored outside webroot, served via controlled `media.php`
- Rate limiting on public search (`src/RateLimit.php`)
- See `docs/TODO.SECURITY.md` for outstanding items